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IN THE CLAIMS: 
Amended claims follow: 

1 . (Currently Amended) A system for authenticating message data to be exchanged 
between a sender and a receiver, comprising: 

a controller that dynamically selects one of a plurality of authentication mechanisms to be 
used in providing auUientication for an exchange of message data; 

a security association and key management module that establishes security associations for 
said plurality of authentication mechanisms; and 

an authentication module that includes support for said plurality of authentication 
mechanisms, wherein said authentication module generates an authentication tag using an 
authentication mechanism selected by said control, said authentication tag being appended to said 
message data; 

wherein a portion of a message associated with the message data is processed using a first 
function that is utilized at least in part to produce the authentication tag; 

wherein said portion of said message processed is selected by using a pseudorandom 
probabilistic function^ 

wherein said message is partitioned into regions, each region including a number of message 
parts, and providing one message part from each region as input to said first function . 

2. (Original) The system of claim 1, wherein said controller receives an input identifying 
a processor load. 
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3. (Original) The system of claim 1 , wherein said controller receives an input identifying 
an authentication error level. 

4. (Original) The system of claim 1 , wherein said controller receives an input identifying 
network defense alarms. 

5. (Original) The system of claim 1, wherein said controller receives an input identifying 
a security policy. 

6. (Original) The system of claim 1, wherein said controller includes a network security 
service resource and one or more security association resource managers contexts, each of said one 
or more security resource managers contexts being established for a corresponding network 
application and being responsible for establishing and maintaining an authentication mechanism for 
a corresponding associated network application, said network security service resource being 
responsible for providing resource and security constraints within which each of said one or more 
security resource managers contexts operates. 

7. (Original) The system of claim 1 , wherein said security association and key 
management module generates an authentication key for authenticating said message data. 

8. (Original) The system of claim 1 , wherein said security association and key 
management module generates a confidentiality key for securing control messages. 
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9. (Origiiial) The system of claim 1, wherein said security association and key 
management module operates in accordance with the Intemet Key Exchange standard. 

10. (Original) The system of claim 1, wherein said authentication module operates in 
accordance with the IPsec standards. 

1 1 . (Currently Amended) A system for authenticating message data to be exchanged 
between a sender and a receiver, comprising: 

a controller that dynamically selects one of a plurality of authentication mechanisms to be 
used in providing authentication for an exchange of message data; and 

an authentication module that generates an authentication tag using said selected •. 
authentication mechanism, said authentication tag being appended to said message data; : 

wherein a portion of a message associated with the message data is processed using a first 
function that is utilized at least in part to produce the authentication tag; 

wherein said portion of said message processed is selected by using a pseudorandom 
probabilistic function; 

wherein said message is partitioned into regions, each region includine a number of message 
parts, and providing one message part from each region as input to said first function . 

12. (Original) The system of claim 1, further comprising a security association and key 
management module that estabhshes and maintains said plurality of authentication mechanisms. 
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1 3. (Original) The system of claim 2, wherein said security association and key 
management module operates in accordance with IKE. 

14. -23. (Cancelled) 

24. (Previously Presented) The system of claim 1 , wherein said message includes a 
number of message parts, said message parts are 64-bit words. 

25. (Currently Amended) The s yst e m of claim 1, fiirthor c o mprisin g A system for 
authenticating message data to be exchanged between a sender and a receiver, comprising: 

a controller that dynamically selects one of a pluralitv of authentication mechanisms to be 
used in providing authentication for an exchange of message data: 

a security association and key mmagement module that establishes security associations for 
said nlurahty of authentication mechanisms: and 

an authentication module that includes support for said plurality of authentication 
mechanisms, wherein said authentication module generates an authentication tag using an 
authentication mechanism selected by said control, said authentication tag being appended to said 
message data: 

wherein a portion of a message associated with the message data is processed using a first 
junction that is utilized at least in part to produce the authentication tag: 

wherein said portion of said message processed is selected by using a pseudorandom 
probabilistic function: 
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wherein means is included for partitioning said message into regions, each region including a 
number of message parts, and providing one message part from each region as input to said first 
function. 

26. (Currently Amended) The sys t em of claim 1. A system for authenticating message 
data to be exchanged between a sender aad a receiver, comprising: 

a controller that dynamically selects one of a plurality of authentication mechanisms to be 
used in providing authentication for an exchange of message data: 

a security association and key mimagement module that establishes security associations for 
said plurality of authentication mechanisms; and 

an authentication module that includes support for said plurality of authentication 
mechanisms, wherein said authentication module generates an authentication tag using an 
: authentication mechanism selected by said controK said authentication tag being appended to said 
message data: 

wherein a portion of a message associated with the message data is processed using a first 
function that is utilized at least in part to produce the authentication tag: 

wherein said portion of said message processed is selected by using a pseudorandom 
probabilistic function: 

wherein said portion of said message processed is selected by: 

defining a message selection percentage p; and 

using said pseudorandom probabilistic function, uniform over an interval [1, 2L], where L = 
1/p and p is a message selection percentiige, to determine offsets between message parts which are 
provided as input to said first function. 
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27. (Previously Presented) The system of claim 1, wherein said first function is a keyed 
hash function. 

28. (Previously Presented) The system of claim 1, wherein said first function is one of an 
MD4 hashing function, a bucket hashing function, a multilinear modular hashing function, a cyclic 
redundancy code-based hashing function, and an alternative hash algorithm. 

29. (Previously Presented) The system of claim 1. wherein said portion of said message 
processed is selected by truncating said message. 
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